AI-Powered PromptLock Ransomware Encrypts and Steals Data
▼ Summary
– Threat researchers discovered PromptLock, the first AI-powered ransomware that uses Lua scripts to steal and encrypt data across Windows, macOS, and Linux systems.
– The malware uses OpenAI’s gpt-oss:20b model via the Ollama API to dynamically generate malicious Lua scripts from hard-coded prompts for tasks like filesystem enumeration and encryption.
– PromptLock is written in Golang, connects to a remote LLM server through a proxy tunnel, and uses the lightweight SPECK 128-bit encryption algorithm, unusual for ransomware.
– ESET researchers believe PromptLock is a proof-of-concept or work in progress, not an active threat, citing weak encryption, an unimplemented data destruction feature, and a hard-coded Bitcoin address.
– This discovery demonstrates AI can be weaponized in malware for cross-platform capabilities and lower cybercrime barriers, similar to the earlier LameHug malware that used Hugging Face and Alibaba APIs.
A new form of ransomware named PromptLock has been identified by cybersecurity experts, marking the first known instance of malware that leverages artificial intelligence to carry out its attacks. This sophisticated threat targets Windows, macOS, and Linux systems, using Lua scripts to both encrypt and exfiltrate sensitive data. The emergence of AI-driven malware represents a significant shift in the cyber threat landscape, enabling attackers to operate with greater adaptability and reduced technical barriers.
The ransomware is built using the Golang programming language and interfaces with OpenAI’s gpt-oss:20b model through the Ollama API. Rather than embedding pre-written malicious code, PromptLock uses hard-coded prompts to instruct the AI to generate Lua scripts dynamically. These scripts perform a range of harmful activities, including scanning the local file system, inspecting specific files, stealing data, and encrypting content. A remote server hosts the large language model, with the attacker connecting via a proxy tunnel to maintain anonymity and control.
One notable aspect of PromptLock is its use of the SPECK 128-bit encryption algorithm, an unconventional choice for ransomware. This lightweight cipher is typically associated with RFID applications rather than data extortion schemes, suggesting either experimental intent or an attempt to avoid common detection mechanisms. Researchers also noted references to data destruction features within the code, though these capabilities remain unimplemented in the current version.
So far, PromptLock has not been observed in active attacks. Security firm ESET discovered the sample on VirusTotal rather than through live incident telemetry. Several elements indicate that this malware is likely a proof-of-concept or work in progress. These include the use of a weak encryption method, a hard-coded Bitcoin address linked to Satoshi Nakamoto, and incomplete functionality. Following the publication of research details, an individual claiming to be a security researcher stated that PromptLock was a personal project that had been leaked unintentionally.
Despite its current status as a non-operational threat, PromptLock underscores a troubling trend: the weaponization of AI in cybercrime. Its design demonstrates how large language models can be misused to create cross-platform malware capable of adapting to different environments and evading traditional security measures. This development lowers the entry barrier for less skilled attackers, enabling them to produce more sophisticated tools with limited coding knowledge.
This is not an isolated case. Earlier this year, Ukrainian CERT reported on LameHug, another AI-powered tool used by Russian state-linked hackers. That malware utilized the Hugging Face API and Alibaba’s Qwen-2.5-Coder-32B model to generate shell commands in real time. While LameHug relies on direct API calls, a simpler method than PromptLock’s proxied approach, both show how artificial intelligence is being integrated into malicious operations, increasing the potential scale and impact of cyber attacks.
(Source: Bleeping Computer)
